Overview
overview
4Static
static
1smartsynch...tem.sh
ubuntu-18.04-amd64
4smartsynch...tem.sh
debian-9-armhf
4smartsynch...tem.sh
debian-9-mips
4smartsynch...tem.sh
debian-9-mipsel
4smartsynch...tem.sh
ubuntu-18.04-amd64
3smartsynch...tem.sh
debian-9-armhf
1smartsynch...tem.sh
debian-9-mips
1smartsynch...tem.sh
debian-9-mipsel
1smartsynch...ize.sh
ubuntu-18.04-amd64
3smartsynch...ize.sh
debian-9-armhf
1smartsynch...ize.sh
debian-9-mips
1smartsynch...ize.sh
debian-9-mipsel
1smartsynch...n/java
ubuntu-24.04-amd64
4smartsynch...in/jfr
ubuntu-24.04-amd64
4smartsynch...eytool
ubuntu-20.04-amd64
4smartsynch...gistry
ubuntu-24.04-amd64
4smartsynch.../jexec
ubuntu-20.04-amd64
1smartsynch...fs.jar
windows7-x64
1smartsynch...fs.jar
windows10-2004-x64
1smartsynch...helper
ubuntu-22.04-amd64
1smartsynch...ket.so
ubuntu-22.04-amd64
1smartsynch...ent.so
ubuntu-24.04-amd64
1smartsynch...gss.so
ubuntu-22.04-amd64
1smartsynch...aas.so
ubuntu-24.04-amd64
1smartsynch...ava.so
ubuntu-18.04-amd64
1smartsynch...dwp.so
ubuntu-24.04-amd64
1smartsynch...age.so
ubuntu-24.04-amd64
1smartsynch...jli.so
ubuntu-24.04-amd64
1smartsynch...sig.so
ubuntu-22.04-amd64
1smartsynch...ent.so
ubuntu-24.04-amd64
1smartsynch...ent.so
ubuntu-20.04-amd64
1smartsynch...ext.so
ubuntu-22.04-amd64
1Analysis
-
max time kernel
0s -
max time network
134s -
platform
ubuntu-20.04_amd64 -
resource
ubuntu2004-amd64-20240611-en -
resource tags
arch:amd64arch:i386image:ubuntu2004-amd64-20240611-enkernel:5.4.0-169-genericlocale:en-usos:ubuntu-20.04-amd64system -
submitted
01-09-2024 20:30
Static task
static1
Behavioral task
behavioral1
Sample
smartsynchronize/bin/add-menuitem.sh
Resource
ubuntu1804-amd64-20240611-en
ubuntu-18.04-amd64
Behavioral task
behavioral2
Sample
smartsynchronize/bin/add-menuitem.sh
Resource
debian9-armhf-20240418-en
debian-9-armhf
Behavioral task
behavioral3
Sample
smartsynchronize/bin/add-menuitem.sh
Resource
debian9-mipsbe-20240729-en
debian-9-mips
Behavioral task
behavioral4
Sample
smartsynchronize/bin/add-menuitem.sh
Resource
debian9-mipsel-20240611-en
debian-9-mipsel
Behavioral task
behavioral5
Sample
smartsynchronize/bin/remove-menuitem.sh
Resource
ubuntu1804-amd64-20240611-en
ubuntu-18.04-amd64
Behavioral task
behavioral6
Sample
smartsynchronize/bin/remove-menuitem.sh
Resource
debian9-armhf-20240418-en
debian-9-armhf
Behavioral task
behavioral7
Sample
smartsynchronize/bin/remove-menuitem.sh
Resource
debian9-mipsbe-20240611-en
debian-9-mips
Behavioral task
behavioral8
Sample
smartsynchronize/bin/remove-menuitem.sh
Resource
debian9-mipsel-20240729-en
debian-9-mipsel
Behavioral task
behavioral9
Sample
smartsynchronize/bin/smartsynchronize.sh
Resource
ubuntu1804-amd64-20240611-en
ubuntu-18.04-amd64
Behavioral task
behavioral10
Sample
smartsynchronize/bin/smartsynchronize.sh
Resource
debian9-armhf-20240611-en
debian-9-armhf
Behavioral task
behavioral11
Sample
smartsynchronize/bin/smartsynchronize.sh
Resource
debian9-mipsbe-20240611-en
debian-9-mips
Behavioral task
behavioral12
Sample
smartsynchronize/bin/smartsynchronize.sh
Resource
debian9-mipsel-20240611-en
debian-9-mipsel
Behavioral task
behavioral13
Sample
smartsynchronize/jre/bin/java
Resource
ubuntu2404-amd64-20240523-en
ubuntu-24.04-amd64
Behavioral task
behavioral14
Sample
smartsynchronize/jre/bin/jfr
Resource
ubuntu2404-amd64-20240729-en
ubuntu-24.04-amd64
Behavioral task
behavioral15
Sample
smartsynchronize/jre/bin/keytool
Resource
ubuntu2004-amd64-20240611-en
ubuntu-20.04-amd64
Behavioral task
behavioral16
Sample
smartsynchronize/jre/bin/rmiregistry
Resource
ubuntu2404-amd64-20240523-en
ubuntu-24.04-amd64
Behavioral task
behavioral17
Sample
smartsynchronize/jre/lib/jexec
Resource
ubuntu2004-amd64-20240611-en
ubuntu-20.04-amd64
Behavioral task
behavioral18
Sample
smartsynchronize/jre/lib/jrt-fs.jar
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral19
Sample
smartsynchronize/jre/lib/jrt-fs.jar
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral20
Sample
smartsynchronize/jre/lib/jspawnhelper
Resource
ubuntu2204-amd64-20240611-en
ubuntu-22.04-amd64
Behavioral task
behavioral21
Sample
smartsynchronize/jre/lib/libdt_socket.so
Resource
ubuntu2204-amd64-20240729-en
ubuntu-22.04-amd64
Behavioral task
behavioral22
Sample
smartsynchronize/jre/lib/libinstrument.so
Resource
ubuntu2404-amd64-20240523-en
ubuntu-24.04-amd64
Behavioral task
behavioral23
Sample
smartsynchronize/jre/lib/libj2gss.so
Resource
ubuntu2204-amd64-20240611-en
ubuntu-22.04-amd64
Behavioral task
behavioral24
Sample
smartsynchronize/jre/lib/libjaas.so
Resource
ubuntu2404-amd64-20240523-en
ubuntu-24.04-amd64
Behavioral task
behavioral25
Sample
smartsynchronize/jre/lib/libjava.so
Resource
ubuntu1804-amd64-20240611-en
ubuntu-18.04-amd64
Behavioral task
behavioral26
Sample
smartsynchronize/jre/lib/libjdwp.so
Resource
ubuntu2404-amd64-20240729-en
ubuntu-24.04-amd64
Behavioral task
behavioral27
Sample
smartsynchronize/jre/lib/libjimage.so
Resource
ubuntu2404-amd64-20240523-en
ubuntu-24.04-amd64
Behavioral task
behavioral28
Sample
smartsynchronize/jre/lib/libjli.so
Resource
ubuntu2404-amd64-20240523-en
ubuntu-24.04-amd64
Behavioral task
behavioral29
Sample
smartsynchronize/jre/lib/libjsig.so
Resource
ubuntu2204-amd64-20240522.1-en
ubuntu-22.04-amd64
Behavioral task
behavioral30
Sample
smartsynchronize/jre/lib/libmanagement.so
Resource
ubuntu2404-amd64-20240729-en
ubuntu-24.04-amd64
Behavioral task
behavioral31
Sample
smartsynchronize/jre/lib/libmanagement_agent.so
Resource
ubuntu2004-amd64-20240611-en
ubuntu-20.04-amd64
Behavioral task
behavioral32
Sample
smartsynchronize/jre/lib/libmanagement_ext.so
Resource
ubuntu2204-amd64-20240611-en
ubuntu-22.04-amd64
General
-
Target
smartsynchronize/jre/bin/keytool
-
Size
12KB
-
MD5
ed9978f14bbf77364bc65ddfde09c4b3
-
SHA1
9af6fb137c2f077391769238ffc51614250d60ce
-
SHA256
82b4a37cc9f4eb7e36bfaf70943795b6117045bb6d3a13e498a62fead3b3e45f
-
SHA512
c499a40f677b15c803452b06132d00afc64cc61ceba91d07d9358de5d54617a4e953896a60aaacd290f4a81d1ef017f4a35684542341ab1479488da64f74aa1f
-
SSDEEP
96:RyeT+KFq8cgBXBPKPo7DPTlMX37u3F6cAHiaV3ktc/up7/XEV8cgBXB/t6UAy+JY:RbZL19KAHPpMX3EYcRaepTD1/6O
Malware Config
Signatures
-
Changes its process name 12 IoCs
description ioc pid Changes the process name, possibly in an attempt to hide itself VM Thread 1440 Changes the process name, possibly in an attempt to hide itself Reference Handl 1441 Changes the process name, possibly in an attempt to hide itself Finalizer 1442 Changes the process name, possibly in an attempt to hide itself Signal Dispatch 1443 Changes the process name, possibly in an attempt to hide itself Service Thread 1444 Changes the process name, possibly in an attempt to hide itself Monitor Deflati 1445 Changes the process name, possibly in an attempt to hide itself C2 CompilerThre 1446 Changes the process name, possibly in an attempt to hide itself C1 CompilerThre 1447 Changes the process name, possibly in an attempt to hide itself Sweeper thread 1448 Changes the process name, possibly in an attempt to hide itself Notification Th 1449 Changes the process name, possibly in an attempt to hide itself VM Periodic Tas 1450 Changes the process name, possibly in an attempt to hide itself Common-Cleaner 1451 -
Checks CPU configuration 1 TTPs 1 IoCs
Checks CPU information which indicate if the system is a virtual machine.
description ioc Process File opened for reading /proc/cpuinfo keytool -
Reads CPU attributes 1 TTPs 1 IoCs
description ioc Process File opened for reading /sys/devices/system/cpu/online keytool -
Enumerates kernel/hardware configuration 1 TTPs 6 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
description ioc Process File opened for reading /sys/fs/cgroup/memory/system.slice/agent.service/memory.limit_in_bytes keytool File opened for reading /sys/fs/cgroup/memory/system.slice/agent.service/memory.stat keytool File opened for reading /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us keytool File opened for reading /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_period_us keytool File opened for reading /sys/devices/system/cpu keytool File opened for reading /sys/fs/cgroup/memory/system.slice/agent.service/memory.use_hierarchy keytool -
Reads runtime system information 7 IoCs
Reads data from /proc virtual filesystem.
description ioc Process File opened for reading /proc/stat keytool File opened for reading /proc/cgroups keytool File opened for reading /proc/self/cgroup keytool File opened for reading /proc/self/mountinfo keytool File opened for reading /proc/self/coredump_filter keytool File opened for reading /proc/sys/vm/overcommit_memory keytool File opened for reading /proc/1439 keytool -
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
description ioc Process File opened for modification /tmp/hsperfdata_root/1438 keytool
Processes
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
28KB
MD52b55842f2d55ed3e6af74c56e109cbb7
SHA1b5f5e545253bd8cc9ad1dd96c123e822d0029036
SHA256492feb0d5117b61692e3618e41c5900c74e8ba1268da2564545a56b82de3b66e
SHA51208fa77e7b333519b9b7f14afeee64ed673baab9ad1a046583878a1db9ebe78ca73ccbb05094ee455203602024e110754f271af7f6364aac82f21c9086f498522